401 Class 19: Cloud Detective Controls - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading: What is Amazon GuardDuty?

Videos

AWS re:Inforce 2019: Threat Detection on AWS: An Introduction to Amazon GuardDuty (FND216)

What are some of the IoCs that GuardDuty can detect?

Indicators of Compromise (IoCs): unusual resources launched, port scans performed, resource permissions discovery, Bitcoin-related activity, etc.

What are some of the data sources which GuardDuty can use?

VPC Flow Logs, CloudTrail events, and DNS logs

How does GuardDuty use access behavior to spot potential malicious activity?

Contact with sites hosting hacker tools or cryptocurrency mining pools, and detection of behavior that deviates from the established baseline: unusual API activity, unusual logins. (The speaker warns: after enabling the service, don't start doing unusual things, because you are now feeding them into the baseline model.)
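To make concrete what "port scan performed" looks like in one of the data sources listed above, here is an added example (not from the page, the talk, or GuardDuty itself) that reads VPC Flow Log lines in the default format and flags a source that touches many distinct destination ports on a single host. The log lines, the account and interface IDs, and the threshold of ten ports are all constructed for the example; GuardDuty's own thresholds and models are not public.

```python
"""Toy port-scan detector over VPC Flow Log lines (added example, not GuardDuty code).

Default VPC Flow Log field order (version 2):
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
from collections import defaultdict


def _flow_line(src, dst, srcport, dstport, action):
    # Constructed sample line; account and interface IDs are placeholders.
    return (f"2 123456789012 eni-0a1b2c3d {src} {dst} {srcport} {dstport} 6 "
            f"3 180 1700000000 1700000060 {action} OK")


# Constructed sample data: one host sweeping ports 20-39 on a peer (mostly
# rejected), plus ordinary traffic from another host to two service ports.
SAMPLE_FLOW_LOGS = "\n".join(
    [_flow_line("10.0.1.5", "10.0.2.10", 51000 + i, 20 + i,
                "ACCEPT" if 20 + i in (22,) else "REJECT") for i in range(20)]
    + [_flow_line("10.0.3.7", "10.0.2.10", 43210, 443, "ACCEPT"),
       _flow_line("10.0.3.7", "10.0.2.10", 43211, 80, "ACCEPT"),
       "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA"]
)


def parse_flow_log(line):
    """Return a dict for a well-formed version-2 line, or None for anything else."""
    fields = line.split()
    if len(fields) < 14 or fields[0] != "2" or fields[13] != "OK":
        return None  # skip NODATA / SKIPDATA records and malformed lines
    return {
        "src": fields[3],
        "dst": fields[4],
        "dstport": int(fields[6]),
        "action": fields[12],
    }


def find_port_scans(text, threshold=10):
    """Group flows by (src, dst); report pairs hitting >= threshold distinct ports.

    Returns {(src, dst): {"ports": <distinct port count>, "rejected": <REJECT flows>}}.
    """
    ports = defaultdict(set)
    rejected = defaultdict(int)
    for line in text.splitlines():
        rec = parse_flow_log(line)
        if rec is None:
            continue
        key = (rec["src"], rec["dst"])
        ports[key].add(rec["dstport"])
        if rec["action"] == "REJECT":
            rejected[key] += 1
    return {
        key: {"ports": len(p), "rejected": rejected[key]}
        for key, p in ports.items()
        if len(p) >= threshold
    }


if __name__ == "__main__":
    for (src, dst), info in find_port_scans(SAMPLE_FLOW_LOGS).items():
        print(f"possible port scan: {src} -> {dst}: "
              f"{info['ports']} distinct ports, {info['rejected']} rejected")
```

The high share of REJECT flows alongside the port spread is the kind of corroborating signal a reviewer wants before acting on a single finding; a benign host hitting two service ports never reaches the threshold.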